[jira] [Created] (COMPRESS-661) commons-compress 1.26.0 breaks Apache Tika 2.9.1

Tue, 20 Feb 2024 01:02:03 -0800 

Alexander Veit created COMPRESS-661:
---------------------------------------

             Summary: commons-compress 1.26.0 breaks Apache Tika 2.9.1
                 Key: COMPRESS-661
                 URL: https://issues.apache.org/jira/browse/COMPRESS-661
             Project: Commons Compress
          Issue Type: Bug
          Components: Compressors
    Affects Versions: 1.26.0
            Reporter: Alexander Veit


Apache Commons Compress 1.26.0 fixes
* https://www.cve.org/CVERecord?id=CVE-2024-25710 and
* https://www.cve.org/CVERecord?id=CVE-2024-26308.

We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our 
deployments in order to fix these security vulnerabilities. But unfortunately 
now Apache Tika is broken:


{code:text}
  org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from 
org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910
    at 
app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304)
    at 
app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
    at 
app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203)
    at app//org.apache.tika.Tika.parseToString(Tika.java:525)
    at app//org.apache.tika.Tika.parseToString(Tika.java:495)
    at ...
  Caused by: java.io.IOException: Resetting to invalid mark
    at java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446)
    at 
org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97)
    at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
    ... 42 more
{code}




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to